Just as privacy remains front page news, it remains a subject of bi-partisan interest on Capitol Hill. This entry briefly describes (1) the oversight role Congressional committees are performing when privacy makes the news, (2) the establishment of a new Senate Judiciary Committee privacy subcommittee chaired by Senator Al Franken (D-MN); (3) the expected legislation to be introduced in the Senate; (3) the bills that have landed in the House and the other proposals expected there; (4) the focus on amendments to ECPA and CALEA; and (5) the contintuing innovations in state legislatures. In short, a two minute read on the state of privacy in the legislative branch.
Today the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) imposed a civil monetary penalty (CMP) in the amount of $4.3 million on Cignet Health for violations of the HIPAA Privacy Rule. This represents the first CMP imposed by HHS for HIPAA privacy violations. When Congress enacted the HITECH law in [...]
Two webinars, one afternoon. On Thursday, February 24, Hogan Lovells Privacy and Information Management Practice Director Chris Wolf will participate in a BNA webinar (along with Senior Governmental Affairs Advisor Nancy Granese of Hogan Lovells and Jules Polonetsky of the Future of Privacy Forum) on privacy developments in Washington, and an Experian webinar on data security breach notification laws (along with Reed Freeman of Morrison & Foerster and Tony Hadley of Experian). Both pay-to-view programs are open for sign-up now.
On January 19, the Supreme Court decided NASA v. Nelson, a case brought by NASA contractors alleging that questions asked by the federal agency in a background check violated their constitutional right to information privacy — i.e., a constitutional privacy interest in the government “avoiding the disclosure of personal matters” recognized in a pair of 1977 cases, Whalen v. Roe and Nixon v. Administrator of General Services. At issue were questions that asked whether the contractors received “any treatment or counseling” regarding illegal drug use within the previous year (as a follow up to a question regarding whether they used, possessed, supplied or manufactured illegal drugs within that year), and questions directed toward references for information bearing on “suitability for government employment or security clearance,” including “adverse information” about an the contractor’s “honesty or trustworthiness,” “violations of the law,” “financial integrity,” “abuse of alcohol and/or drugs,” “mental or emotional stability,” “general behavior or conduct,” or “other matters.”
Recent guidance from the National Institute of Standards and Technology (“NIST”) encourages federal agencies to take advantage of cloud computing. It also provides draft security and privacy guidelines for federal agencies to follow when engaging cloud providers. The draft guidelines serve as roadmaps for how to negotiate meaningful privacy and data security protections from cloud providers. Though prepared for federal agencies, the draft guidelines could prove influential to the private sector as an increasing number of private businesses use cloud services. NIST has requested comments on the drafts by no later than February 28, 2011.
Shining a new spotlight on health data breaches, the Federal Trade Commission recently posted a frequently asked questions guide to medical identity theft for health care providers and insurers. Medical identity theft occurs when one person obtains health care services or prescription drugs using the identity of someone else, or when those working in a health care provider setting [...]
With decision of 31 January 2011 (2011/61/EU), Israel has now formally been recognized by the European Commission as a country which provides an adequate level of protection of personal data, permitting cross-border transfers.
Cisco has launched a Privacy and Security Compliance Journey web site with a variety of useful materials and resources. Hogan Lovells is pleased to have its primer on legal issues in Cloud Computing including privacy and data security concerns as the first featured content on the Cisco site. A link to the primer is contained in this blog entry.